Abstract: One method of testing multi-threaded code involves accessing a first set of instructions which are configured to be executed, in execution order, as a thread of a multi-threaded process. A memory space is modified, based upon the first set of instructions. The modified memory space represents one or more values that are generated by executing the first set of program instructions in a different order than execution order. The memory space is processed by a second set of program instructions, which is configured to be executed as a second thread of the multi-threaded process.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: A system and method for instrumenting program instructions. A processing system includes a compiler and a profiler. The profiler is configured to instrument an application by inserting one or more instrumentation instructions in the application. During execution of the application, execution is monitored and a particular condition is detected. Responsive to the condition, a portion of the code which corresponds to the detected condition is identified. A request is conveyed for recompilation of code which corresponds to code. Prior to recompilation of the code, the profiler instruments the portion of code. Execution and monitoring of the execution continue, and instrumentation/recompilation may be repeated. Initially, relatively little of the application code may be instrumented. As execution and monitoring continues, more and more of the application code may be dynamically instrumented during execution.

Abstract: The present invention enables a large number of files to be processed for evidence of malicious content, independently of the file system that maintains the files. The processed files can be obtained from live data or a point-in-time copy (e.g., a snapshot) of the data, based on mapping information that maps the files to the physical storage device. In one embodiment, a method involves accessing mapping information corresponding to a set of data. The mapping information maps at least a portion of a file to a physical storage location. The portion of the file can be read from the physical storage location using the mapping information, without accessing a file system. The portion of the file can then be analyzed for evidence of malicious content.

Abstract: A method and mechanism for diagnosing application failures. An executable application is augmented with code which generates a list of components, as well as version information, utilized by the application. Also created is data which associates application components with applications which utilize those components. The list of components, version information, and association data are stored in a database and updated each time the application is run. In response to detecting a failure of the application, a database query is generated which returns a list of components utilized by the failed application. By comparing the date that application components changed to the date the application was last successfully run, a high priority list of components which changed since the last successful run may be generated. Diagnosis of the application failure may then begin with components in the high priority list.

Abstract: A system and method for instrumenting program instructions. A processing system includes a compiler and a profiler. The compiler is configured to notify the profiler of a compilation event corresponding to first program instructions. In response to detecting the event, the profiler is configured to intercept compilation of the first program instructions, determine whether an instrumented version of the first program instructions is currently available, instruct the compiler to compile the instrumented version of the first program instructions if available, and retrieve and instrument the first program instructions if not available. The profiler may maintain an instrumentation cache for storing instrumented versions of program instructions. The instrumentation cache may further include metadata which identifies portions of program code which have been instrumented and their location. The profiler may generally instrument program instructions once during the resident life of a corresponding application.

Abstract: A system for a redundancy management service for peer-to-peer (P2P) networks includes one or more processors and memory coupled to the processors. The memory stores program instructions executable by the processors to receive a request at a device to upload a data object from the device into a P2P network. In response to receiving the request, the instructions are executable to identify a redundancy manager associated with the device and to transmit the data object to the redundancy manager. In addition, the instructions are executable to upload, from the redundancy manager to one or more target devices of the P2P network, a plurality of data blocks derived from the data object, such that the data object may be recovered from a subset of the plurality of data blocks.

Abstract: Methods and systems are provided for internal monitoring of applications. A distributed management framework may comprise a plurality of applications and application servers, wherein each of the applications is configured to make function calls to standard programming functions. The function calls to the standard programming functions are intercepted. The function calls are routed to alternative implementations of the standard programming functions, and the alternative implementations are used to collect availability metrics for the plurality of applications. Manager threads may be used for internal monitoring of application execution. Applications may be modified with additional instructions to monitor program execution and automatically generate output comprising an execution history.

Abstract: A system and method for managing the environment of software processes in a computer system. A computer system comprises a processor and at least one process environment comprising one or more environment variables. The processor executes one or more processes, intercepts the launch of a process, sets at least one environment variable to a first value, and continues the launch of the process. Setting the environment variable may enable a profiler process. The processor may set at least one environment variable for the process to a value which is chosen irrespective of a value of the environment variable of a parent process of the process. Further, the processor may set at least one environment variable for the process to a default value if a data repository does not contain an entry that has an identification which corresponds to the process.

Abstract: An interactive system for debugging programs in which a persistent data base system responds to update queries containing debugging information from a debugging information source and to read queries on the debugging information from an interactive interface. The interactive interface produces the read queries in response to inputs from users and formats the results of the read queries as required by the user. One source of inputs is a standard Web browser for which the interactive interface functions as a Web server. The system also includes a command channel by which the source of debugging information receives commands from the interactive interface. In one embodiment, the command channel is implemented in the data base. In a disclosed implementation, the source of debugging information provides memory debugging information. Also disclosed are techniques for using an automatic memory management system to reduce memory fragmentation and heap footprint size.

Abstract: A system for efficient backups using dynamically shared storage pools in peer-to-peer networks comprises one or more processors and memory coupled to the processors. The memory stores instructions executable by the processors to implement a backup manager configured to dynamically subdivide a storage pool into one or more portions of storage currently designated for local backup data and one or more portions of storage currently designated for peer-to-peer (P2P) backup data. In response to local backup data received from a backup client, the backup manager may store the local backup data in a portion of the storage pool that is currently designated for local backup data. The backup manager may then generate a P2P version of the local backup data, e.g., by encrypting and/or redundancy encoding the local backup data, and transmit parts of the P2P version to each of one or more peer devices in the P2P network.

Abstract: A system for selective self-healing of memory errors comprises a processor coupled to a memory, where the memory stores instructions executable by the processor to store an error record for each memory management error detected during an execution of the application. The error record identifies an allocation location (e.g., a portion of a stack trace corresponding to the invocation of a memory allocation function such as malloc( )) of an object associated with the memory management error. The instructions are executable to use the error record to identify, during subsequent execution, memory operations performed on objects allocated from the allocation location, and to perform corresponding memory protection operations (e.g., operations to prevent re-occurrences of the memory errors) for the memory operations identified using the error record.

Abstract: A method and mechanism for managing dynamically allocated memory. Portions of memory which are available for allocation have additional information stored in association with each portion which indicates whether the portion has been previously identified as being prematurely freed. In addition, a checksum is stored with each portion of memory. In response to a request for deallocation of a portion of memory, the portion of memory is not deallocated if it is identified as having been prematurely freed. Otherwise, the a checksum is calculated for the portion and it is freed. In response to an allocation request, a candidate portion of memory is identified for allocation and a checksum is calculated for the candidate portion. If the calculated checksum does not match a checksum previously stored for the candidate portion, the portion is identified as having been prematurely freed and is not returned for allocation.

Abstract: A memory manager comprises a memory allocator and a garbage collector. The memory allocator is configured to allocate memory for objects within a heap on behalf of a process, generate a heap map comprising a plurality of heap map entries, wherein each heap map entry of the plurality of heap map entries includes an address of an object allocated within the heap, and provide the heap map to the garbage collector. The garbage collector is configured to generate a mark list identifying one or more objects within the heap using the heap map, wherein the addresses of the one or more objects correspond to data values specified within an address space of the process, and to free a given object previously allocated in the heap if the mark list indicates that an address of the given object does not correspond to a data value specified within the address space.

Abstract: An interactive system for debugging programs in which a persistent data base system responds to update queries containing debugging information from a debugging information source and to read queries on the debugging information from an interactive interface. The interactive interface produces the read queries in response to inputs from users and formats the results of the read queries as required by the user. One source of inputs is a standard Web browser for which the interactive interface functions as a Web server. The system also includes a command channel by which the source of debugging information receives commands from the interactive interface. In one embodiment, the command channel is implemented in the data base. In a disclosed implementation, the source of debugging information provides memory debugging information. Also disclosed are techniques for using an automatic memory management system to reduce memory fragmentation and heap footprint size.

Abstract: A technique that permits a conservative garbage collector to be used with the heap management functions provided by an allocator which is independent of the garbage collector. The allocator and the garbage collector (139) employ a malloc table (319) to exchange information about the heap (125). When the allocator determines that determines that garbage collection is required, the allocator makes a current heap map in the malloc table that specifies the location of each block in the current heap and whether the block is collectible by the garbage collector. The allocator then invokes the garbage collector, which uses the current heap map in its mark cycle to make a mark list that indicates which of the heap blocks are pointed to by apparent pointers in the processer's address space.

Abstract: Techniques for transparently registering non-memory resources used by a program with a garbage collector so that the non-memory resources can be freed when the program is finished using them. The techniques automatically determine from the program that the execution will use a resource and then automatically modify the program's behavior so that the resource is registered. When the program is finished with the resource, it can be determined from the registry whether the resource must be freed. In one embodiment, the technique is employed in a garbage collector for doing resource garbage collection with legacy C and C++ programs. The garbage collector locates invocations that allocate such resources in the code and modifies the code so that when it is executed, the resources are registered. The techniques can also be used to ensure that finalizers associated with objects are executed before the object is freed.

Abstract: Techniques for providing interactive user interfaces for programming constructs. A programming construct is associated with one or more metaphors (837) that specify interactive user interfaces (807) for the programming construct. Thus, a programming construct may have a metaphor for a text-based user interface or for one or more different graphical user interfaces. The metaphor may be associated with a description of the construct such as that found in an abstract syntax tree (823), and the metaphor may obtain the information it needs to construct the interface from the description, so that the user interfaces automatically track changes in the programming construct. Also included is apparatus for modifying the metaphor. In one implementation, a build form function (1407) is used to read the information needed to construct the construct's user interface from the construct's description and the metaphor is modified by modifying the build form function.